How GDPR is affecting the video games you love

The GDPR replaces the 1995 EU Data Protection Directive, forcing every company around the globe to abide by strict rules when handling European subjects’ personal data. The regulations were adopted to protect EU residents and arm them with awareness about how companies use their information.

While GDPR addressed tech companies that have dealt with and make money off user data, like Facebook and Google, the expansive definition of “personal data” — everything from names and email addresses to biometrics and IP addresses — means that gaming companies have had to comply, too. And that has cost them time and money to avoid incurring fines.



This is good for gamers in the EU, who will have a much better idea what information is collected when they play, buy products or use services. Game enthusiasts outside Europe will benefit, too, as some organizations, like Razer, treat the GDPR as a privacy bellwether and adopted it globally.

Read entire article How GDPR is affecting the games you love | David Lumb | Engadget

New Google+ bug moves site end date forward

Google is speeding up the closure of its unpopular social networking platform after discovering a new bug affecting over 52 million users.

The tech giant announced in October that it would be shutting Google+ in August 2019. However, that date has been brought forward to April next year, while its APIs will disappear “within the next 90 days,” according to G Suite product management VP, David Thacker.

The reason appears to be a newly discovered vulnerability in the API which the firm says impacts roughly 52.5 million users.

“With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile — like their name, email address, occupation, age — were granted permission to view profile information about that user even when set to not-public,” Thacker explained.

Read entire article New Google+ Bug Moves Site End Date Forward | Phil Muncaster | InfoSecurity

Girl Scouts alerted to possible data breach

Reports suggest that as many as 2800 girl scouts in Orange County may have been affected in an incident which lasted just a day.

Affected information could include names, email and home addresses, driver’s license details, insurance policy numbers and health history information.

Those hit by the breach were contacted last week.

They were told that the attack began on September 30 when an unauthorized third party gained access to an official Girl Scouts Orange County Travel email account, which was used to “send emails to others” — presumably phishing emails.

Read entire article Girl Scouts alerted to possible data breach | Phil Muncaster | InfoSecurity

British Airways customer data stolen in data breach

The London-based airline, the largest in the UK, did not disclose much about the breach, only that hackers stole customer data from its website, ba.com.

In a statement, BA said that the “personal and financial details” of customers who made bookings on BA’s site or app between August 21 and September 5 were compromised, but travel or passport information was not taken.

A spokesperson told TechCrunch that “around 380,000 card payments” were compromised. BA had more than 45 million passengers last year. “The breach has been resolved and our website is working normally,” the company said in a statement.

Read entire article British Airways customer data stolen in data breach | Zack Whittaker | TechCrunch

Grindr under fire for sharing HIV status of users

Same-sex dating app Grindr has said it will stop sharing users’ HIV status after it was revealed that the details were shared with third-party analytics companies.

Published on InfoSecurity | By Dan Raywood

According to initial research by Antoine Pultier, a researcher at SINTEF, and verified by Buzzfeed News, Grindr shared HIV status along with users’ GPS data, sexuality, relationship status, ethnicity, phone ID and email to Apptimize and Localytics, which help optimize apps. This information, unlike the HIV data, was sometimes shared via plain text.

Buzzfeed News reported that under the app’s “HIV status” category, users can choose from a variety of statuses, which include whether the user is positive, positive and on HIV treatment, negative, or negative and on PrEP, the once-daily pill shown to effectively prevent contracting HIV.

In a statement, Grindr CTO Scott Chen said that as a company that serves the LGBTQ community “we understand the sensitivities around HIV status disclosure” and clarified that Grindr “has never, nor will we ever sell personally identifiable user information – especially information regarding HIV status or last test date – to third parties or advertisers.”

Chen clarified that it does work with highly-regarded vendors to test and optimize how it rolls out the platform, and these vendors are under strict contractual terms that provide for the highest level of confidentiality, data security and user privacy.

Read entire article Grindr Under Fire for Sharing HIV Status of Users | InfoSecurity

Pizza Hut serves up a slice of data breach

Pizza Hut has become the latest household name to suffer a payment card breach.

The company admitted the incident on Saturday in an email sent to affected customers, nearly two weeks after it discovered and remediated the issue.

According to the email, shared on social media by some recipients, affected customers placed orders on the company’s mobile app or website for about 28 hours between the morning of October 01 and midday on October 02.

The “temporary security intrusion” resulted in hackers accessing names, billing ZIP codes, delivery addresses, email addresses and payment card information (account numbers, expiration dates and CVV numbers).

The company didn’t say how many customers were affected.

Some of the affected expressed anger that it took the franchise two weeks to let them know.

Read complete article Pizza Hut Serves Up a Slice of Data Breach | InfoSecurity

6 horrors from the Equifax CEO’s congressional hearing

The initial drama over Equifax’s September data breach has mostly subsided, but the actual damage will play out for years. And indeed, there turns out to be plenty of spectacle and public controversy left.

It was all on display at a Tuesday Congressional hearing, in which lawmakers questioned Equifax’s former CEO Richard Smith in an attempt to make sense of how things went so wrong.

Before delving into the hearing itself—which went poorly enough—it’s worth mentioning that it was bracketed by further unfortunate Equifax revelations. The company announced Monday that the total number of people impacted by its breach is not 143 million—the amount it first disclosed—but in fact 145.5 million.

Its ability to casually misplace 2.5 million lives upended by the breach is alarming, as is Tuesday afternoon’s revelation that the IRS awarded Equifax a no-bid, multimillion-dollar fraud-prevention contract last week.

And there’s a lot more where that came from. Here are six important (and astonishing, disappointing, you name it) tidbits that came out of Tuesday’s hearing.

1. The timeline of when executives knew what about the breach is both disheartening and suspect

Equifax has previously said that it was breached on May 13 and that it first discovered the problem on July 29. The company notified the public on September 7.

But during Tuesday’s hearing, former CEO Smith added that he first heard about “suspicious activity” in a customer-dispute portal, where Equifax tracks customer complaints and efforts to correct mistakes in their credit reports, on July 31. He moved to hire cybersecurity experts from the law firm King & Spalding to start investigating the issue on August 2. Smith claimed that, at that time, there was no indication that any customer’s personally identifying information had been compromised.

Smith further testified that he didn’t ask for a briefing about the “suspicious activity” until August 15, almost two weeks after the special investigation began and 18 days after the initial red flag.

Read entire post 6 fresh horrors from the Equifax CEO’s congressional hearing | WIRED

Literally every Yahoo account was hacked

The 2013 Yahoo hack was three times bigger than originally thought, investigation reveals!

Yahoo has tripled down on what was already the largest data breach in history, saying it affected all three billion accounts on its service, not the one billion it revealed late last year.

The company announced Tuesday that it has sent emails providing notice to additional user accounts affected by the August 2013 data theft.

The breach now affects a number that represents nearly “half the world,” said Sam Curry, chief security officer for Boston-based firm Cybereason, though there’s likely to be more accounts than actual users.

If you had a Yahoo account in 2013, your username and password were stolen. Period.

What you can (and can’t) do

If you hadn’t already changed your Yahoo password (or deleted your Yahoo account) when the 1-billion-user breach was disclosed a year ago (or when the different, 500-million-user breach from 2014 was disclosed a couple of months before that), then now is the time to do so. Don’t forget to change that password anywhere else you used it as well.

Other than changing passwords (and we recommend a good password manager to keep them all strong, secure and unique), you should make sure to unlink your mobile devices from your Yahoo accounts and then relink them using new passwords. Also, turn on two-factor authentication on Yahoo and on any other online service that allows it, such as Google, Facebook, Microsoft, Apple and Dropbox.

New training available! Certified Data Protection Officer

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.

We are now offering the Certified Data Protection Officer training and certification! This course enables you to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework for the protection of personal data. Find out how GDPR will impact your business.

Common GDPR myths debunked

Noise around the European General Data Protection Regulation (GDPR) is getting louder as the 2018 deadline for enforcement approaches. Common myths debunked!

Who is more prepared for GDPR? The UK, Europe or the US?

Study finds IT professionals in the UK are more supportive of and informed about GDPR than their counterparts in the EU and the US.

So, Equifax says your data was hacked. Now what?

As widely reported, the credit reporting bureau Equifax was recently hacked. If you have a credit report, you’re likely one of the 143 million Americans whose data may have been exposed, according to the Federal Trade Commission.

According to Equifax, the breach lasted more than a month, from mid-May until July of this year. The hackers gained access to people’s names, Social Security numbers, birth dates, addresses, and even some driver’s license numbers. They also got credit card numbers for 209,000 people and dispute documents with personal information for 182,000 consumers.

Unfortunately, at least some of your information was likely involved in this breach if you had a credit file with Equifax. I can tell you that my data was compromised. Let’s walk through what you need to do to first determine whether your information was compromised. Then we’ll look at what you can do about it.

The first step is to visit www.equifaxsecurity2017.com to find out if your information was exposed. The site includes a Potential Impact tab, where you can enter your last name and the last six digits of your social security number. (Be sure you’re on a secure computer and internet connection when you’re doing this!) This will tell you whether or not your information was compromised.

Enroll in free credit monitoring even if the site doesn’t say you were affected. You’ll be able to find out when you can enroll at the site linked above. You’ll have from that date until November 21, 2017 to enroll for a free year of credit monitoring.

Here I should add that one year of free credit monitoring is totally inadequate. The Equifax data theft can have life-long consequences for consumers. When a credit card number is stolen, you simply get a new card with a new number. You can’t, however, get a new date of birth or Social Security number.


Source: Forbes

  

New law will change the way you use Facebook!

Everyone will be given sweeping new powers to see what tech companies know about them and have it deleted, under a new bill.

The UK’s Data Protection Bill will make it far easier for people to find out how companies are using their personal details, including their browsing history and even their DNA. And once they’ve seen it, it will also greatly increase the “right to be forgotten” – allowing people to make those companies delete that most personal of information.

The bill is intended partly to allow people to escape from their internet history when they become an adult, since companies like Facebook and Google will have to scrub everything that they posted when they were a child.

Companies that won’t comply could be fined millions of pounds.

RELATED: UK’s new Data Protection Bill, incorporating GDPR, expected in September

As well as giving people far more power in how their information is handled, it will also make companies be more up front about how it is collected. Companies won’t be able to trick their customers by using pre-selected tick boxes that opt into tracking, for instance, and people will instead have to give their explicit consent.

The legislation will:

  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Expand the definition of personal data to include IP addresses, internet cookies and DNA
  • Make it easier and free for individuals to require an organisation reveal the personal data it holds on them
  • Create new criminal offences to deter organisations from intentionally or recklessly creating situations where someone could be identified from anonymised data

The legislation will bring the European Union’s General Data Protection Regulation (GDPR) into domestic law, helping Britain prepare for Brexit because it will mean the systems are aligned when the UK leaves the bloc.

Source: Independent
